diff --git a/src/node/hooks/express/webaccess.js b/src/node/hooks/express/webaccess.js index 99971206e..28cb649e4 100644 --- a/src/node/hooks/express/webaccess.js +++ b/src/node/hooks/express/webaccess.js @@ -95,8 +95,6 @@ exports.expressConfigure = function (hook_name, args, cb) { // Not installing the log4js connect logger when the log level has a higher severity than INFO since it would not log at that level anyway. if (!(settings.loglevel === "WARN" || settings.loglevel == "ERROR")) args.app.use(log4js.connectLogger(httpLogger, { level: log4js.levels.INFO, format: ':status, :method :url'})); - - args.app.use(express.cookieParser()); /* Do not let express create the session, so that we can retain a * reference to it for socket.io to use. Also, set the key (cookie @@ -107,11 +105,12 @@ exports.expressConfigure = function (hook_name, args, cb) { exports.sessionStore = new express.session.MemoryStore(); secret = randomString(32); } + + args.app.use(express.cookieParser(secret)); args.app.sessionStore = exports.sessionStore; args.app.use(express.session({store: args.app.sessionStore, - key: 'express_sid', - secret: secret})); + key: 'express_sid' })); args.app.use(exports.basicAuth); }